Manalyze report for 565f68633a76da66bc4f3e6ce73d7e81

This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2076-Jun-15 12:38:28
Comments	System_31
CompanyName	System_31
FileDescription	System_31
FileVersion	`2.0.0.0`
InternalName	ConsoleApp21.exe
LegalCopyright	Copyright © 2021
LegalTrademarks	System_31
OriginalFilename	ConsoleApp21.exe
ProductName	System_31
ProductVersion	`2.0.0.0`
Assembly Version	2.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET executable -> Microsoft`
Info	The PE is digitally signed.	`Signer: \xC5\x81\xC7\xAB\xC9\xAA\xE1\xB4\x8B\xCE\x94\xCE\x9C\xE1\xB4\xA2\xCA\x99s\xCA\x8F\xC3\x98\xE1\xB4\x8B\xE1\xB4\x8D\xE1\xB4\x8B\xC5\x87\xC7\xAB\xCE\x9Cs\xC6\x97` `Issuer: \xC5\x81\xC7\xAB\xC9\xAA\xE1\xB4\x8B\xCE\x94\xCE\x9C\xE1\xB4\xA2\xCA\x99s\xCA\x8F\xC3\x98\xE1\xB4\x8B\xE1\xB4\x8D\xE1\xB4\x8B\xC5\x87\xC7\xAB\xCE\x9Cs\xC6\x97`
Malicious	VirusTotal score: 50/71 (Scanned on 2021-02-18 03:49:30)	`MicroWorld-eScan: Gen:Variant.MSILHeracles.11969` `ALYac: Gen:Variant.MSILHeracles.11969` `Cylance: Unsafe` `Sangfor: Trojan.Win32.Save.a` `K7AntiVirus: Trojan-Downloader ( 00577fa61 )` `Alibaba: Trojan:MSIL/SuspectCrc.1028d333` `K7GW: Trojan-Downloader ( 00577fa61 )` `Cybereason: malicious.33a76d` `BitDefenderTheta: Gen:NN.ZemsilCO.34574.bm1@a4O4K9i` `Cyren: W32/MSIL_Kryptik.CZG.gen!Eldorado` `Symantec: Trojan.Gen.2` `APEX: Malicious` `Avast: Win32:DangerousSig [Trj]` `Kaspersky: HEUR:Trojan-PSW.MSIL.Agensla.gen` `BitDefender: Gen:Variant.MSILHeracles.11969` `NANO-Antivirus: Trojan.Win32.Agensla.ilvyrl` `Paloalto: generic.ml` `ViRobot: Trojan.Win32.Z.Wacatac.23440` `Tencent: Win32.Trojan.Falsesign.Suxz` `Ad-Aware: Gen:Variant.MSILHeracles.11969` `Emsisoft: Gen:Variant.MSILHeracles.11969 (B)` `Comodo: TrojWare.Win32.Agent.imdar@0` `F-Secure: Trojan.TR/Dldr.Agent.avvwl` `DrWeb: BackDoor.SpyBotNET.25` `TrendMicro: Trojan.MSIL.MALREP.THBAGBA` `McAfee-GW-Edition: Artemis!Trojan` `FireEye: Gen:Variant.MSILHeracles.11969` `Sophos: Mal/Generic-S + Troj/Inject-GSN` `Avira: TR/Dldr.Agent.avvwl` `Kingsoft: Win32.Heur.KVM019.a.(kcloud)` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Gridinsoft: Trojan.Win32.Kryptik.oa` `Arcabit: Trojan.MSILHeracles.D2EC1` `ZoneAlarm: HEUR:Trojan-PSW.MSIL.Agensla.gen` `GData: Gen:Variant.MSILHeracles.11969` `Cynet: Malicious (score: 85)` `AhnLab-V3: Malware/Gen.RL_Reputation.C4339301` `McAfee: RDN/Generic.grp` `MAX: malware (ai score=81)` `Malwarebytes: Spyware.LokiBot` `ESET-NOD32: a variant of MSIL/TrojanDownloader.Agent.HJZ` `TrendMicro-HouseCall: Trojan.MSIL.MALREP.THBAGBA` `Rising: Downloader.Agent!8.B23 (CLOUD)` `Ikarus: Trojan.Inject` `Fortinet: PossibleThreat` `Webroot: W32.Trojan.Gen` `AVG: Win32:DangerousSig [Trj]` `Panda: Trj/CI.A` `CrowdStrike: win/malicious_confidence_60% (W)` `Qihoo-360: Win32/Trojan.Generic.HgIASPIA`

Hashes

MD5	`565f68633a76da66bc4f3e6ce73d7e81`
SHA1	`ec90ff0178fddee5782dc607379e4e1e912555a8`
SHA256	`bbc5727bbd913262d6ef7229835da334fe74ac468c28a94b348fab5f258a04af`
SHA3	`3eb26240588ace5889119bbd05d4ddd35cbf09e156a83711a84d6ba1dbed947c`
SSDeep	`384:rTtJxD6Kp/Xz+9I/tuvZRxF3zCZx1iLCQYhj:NJxDBPz4Ikv3xFDCr7Nhj`
Imports Hash	`f34d5f2d4577ed6d9ceec516c1f5a744`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2076-Jun-15 12:38:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x3c00`
SizeOfInitializedData	`0x800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00005B3E (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x200`
Checksum	`0x153b0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`bdb92a97ce10301817eddecb518199fd`
SHA1	`990d3bccad4b06cad64fd2a7d6d9c56790ef62e4`
SHA256	`e5ee38dc23f152dadc9cca7dcad75520037708e158a8860089e2cb3c71cb96f5`
SHA3	`6b31ea5b6419ed63fbb4e8c2305c59bc78639c27a4d3a4c49d6e0d0417b0513b`
VirtualSize	`0x3b44`
VirtualAddress	`0x2000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.68883`

.rsrc

MD5	`1ac8da3ec6df6e870027d42eae677aa5`
SHA1	`dec6afc9ce0927a801ea46e0f6b52258569babd4`
SHA256	`ca1ee7dd8aaa548b5de55b3a7a8ced6ffd39b375546f30e216c105052860778c`
SHA3	`959048c3c7ccea0774647b0c873c1606d42e358ccb2caa22b5f1cfd1073df2c0`
VirtualSize	`0x5e8`
VirtualAddress	`0x6000`
SizeOfRawData	`0x600`
PointerToRawData	`0x3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.19685`

.reloc

MD5	`322344947e693cb0e9b430db192b7d90`
SHA1	`f8225e4ea1740a6f1525328108af61ca96b4fa69`
SHA256	`d0dd385df47f228718a8c5cd226e2afa39da250222de54b4dd8b234718368d8e`
SHA3	`17985af9b3bd4ef596f527b00b20289db24575514f62791c6849b7a715a2b2f1`
VirtualSize	`0xc`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0815394`

Imports

mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x35c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34223`
MD5	`0fb2f78a7a88d9bcc463a65e9aac2adf`
SHA1	`b9051cd027a63d61d84a237edeeeab34d202b911`
SHA256	`cf5f2cd57682bb8257b90963f3110e9cba74af35930c3994a7bd7e2ebafb3fdd`
SHA3	`61e17e0b66ef8b41127b91f7367dd37d6be3e12668b3e27b5bfe400c2fe58c6e`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.0.0
ProductVersion	2.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	System_31
CompanyName	System_31
FileDescription	System_31
FileVersion (#2)	2.0.0.0
InternalName	ConsoleApp21.exe
LegalCopyright	Copyright © 2021
LegalTrademarks	System_31
OriginalFilename	ConsoleApp21.exe
ProductName	System_31
ProductVersion (#2)	2.0.0.0
Assembly Version	2.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

565f68633a76da66bc4f3e6ce73d7e81

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors